Cornerstones of Care Data Breach Exposes Protected Health Information

On February 11, 2025, Cornerstones of Care, a nonprofit behavioral and mental health organization based in Kansas City, Missouri, announced a data security incident that may have affected both individuals served by the organization and its staff members. The breach was discovered on August 22, 2024, when Cornerstones of Care learned that an unauthorized party may have gained access to a limited number of employee email accounts

Upon this discovery, the organization immediately began remediation efforts and launched a comprehensive investigation with the help of third-party cybersecurity professionals.

As the investigation continued, on December 27, 2024, Cornerstones of Care determined that personal information and protected health information (PHI) may have been impacted including full name, address, date of birth, medical diagnosis information, medical treatment information, and other demographic information.

Cornerstones of Care has stated there is no evidence at this time that any personal information has been misused as a result of this incident. However, out of an abundance of caution, they have issued a public notice and are notifying all known impacted individuals in accordance with applicable laws. The official notice and further details can be found on the Cornerstones of Care Notice of Data Security Incident page.

Cornerstones of Care's response

Cornerstones of Care has set up a dedicated, confidential toll-free response line at (877) 415-4305, staffed by professionals familiar with the incident. The line is available Monday through Friday, 9:00 am to 9:00 pm ET, excluding holidays, to answer questions and provide guidance.

The organization recommends that affected individuals:

• Place a fraud alert on their credit files with one of the three major credit bureaus.
• Consider placing a security freeze on their credit reports to prevent unauthorized access.
• Obtain free annual credit reports and review them for discrepancies or suspicious activity.
• Remain vigilant in monitoring financial account statements and credit reports for irregular activity.
• Take steps to protect their health information, such as reviewing explanation of benefits statements and requesting a year-to-date report of services from their insurance company.

Additional resources and instructions for placing fraud alerts, security freezes, and obtaining credit reports are outlined in the official notice. Impacted individuals are also encouraged to report any suspicious activity to law enforcement and may contact their state attorney general’s office for more information about identity theft protections.

For more information about the organization and its services, visit the Cornerstones of Care website.